search

tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as as a software library for more advanced tools.
Apache License 2.0
777 stars 135 forks source link

is there -Verify 1 option in TLS-Attacker server mode #102

Open ghost opened 3 years ago

ghost commented 3 years ago

openssl s_server -key p256.key -cert p256.crt -msg -tls1_3 -Verify 1

-Verify 1 enforces the connection to proceed only when client provides a certificate. Is there any option to replicate above command in TLS-Attacker in Server Mode?

ic0ns commented 3 years ago

No, you would need to check this yourself.

ghost commented 3 years ago

how to check ? any example.

ic0ns commented 3 years ago

state.getTlsContext().getClientCertificate() == null

ghost commented 3 years ago

openssl s_client -connect 127.0.0.1:54000 -msg -tls1_3 -cert mycert.pem -key mykey.pem

tlsattacker in server mode giving fatal illegal_parameter when I am passing certificate and key please let me know if I miss something. Attached log client_auth.log

mmaehren commented 3 years ago

Please also provide openssl's error message. I'm not sure if setting a cert for s_client enforces that the server requests a certificate. As you can see in the debug output, TLS-Attacker does not send a CertificateRequest. Openssl would thus lack the certificate request context required for the Certificate message.

ghost commented 3 years ago

please find openssl s_client output:

$ openssl s_client -connect 127.0.0.1:54000 -msg -tls1_3 -cert mycert.pem -key mykey.pem
CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 00 d2
>>> TLS 1.3, Handshake [length 00d2], ClientHello
    01 00 00 ce 03 03 1d d3 18 97 b4 1b a2 04 d7 9c
    4e 89 1c d1 f1 d6 ef af 64 33 93 00 0f 0e f7 42
    8f da aa 6b 95 ce 20 65 9a 0e f1 23 0b 9c ae df
    b3 4f d7 d9 67 15 2f 88 a4 61 da 03 a3 2d a2 44
    35 42 37 d2 67 a3 d5 00 08 13 02 13 03 13 01 00
    ff 01 00 00 7d 00 0b 00 04 03 00 01 02 00 0a 00
    0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00
    00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04
    03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08
    04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02
    03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d
    00 20 aa e7 d6 72 01 d4 b1 cc b8 4e 2b 7b b4 3e
    3f c9 d1 3b 71 74 a3 33 46 5b 44 6c 89 4e bd cc
    d3 5c
<<< ??? [length 0005]
    16 03 03 00 7a
<<< TLS 1.3, Handshake [length 007a], ServerHello
    02 00 00 76 03 03 17 1b 95 34 60 b4 20 bb 38 51
    d9 d4 7a cb 93 3d be 70 39 9b f6 c9 2d a3 3a f0
    1d 4f b7 70 e9 8c 20 65 9a 0e f1 23 0b 9c ae df
    b3 4f d7 d9 67 15 2f 88 a4 61 da 03 a3 2d a2 44
    35 42 37 d2 67 a3 d5 13 02 00 00 2e 00 33 00 24
    00 1d 00 20 b1 e8 23 6b 63 1e 19 d8 6b 28 a6 ff
    4d 5f 4b 39 d4 1e dd f4 7a b7 d3 a9 57 95 06 de
    c3 da 27 2a 00 2b 00 02 03 04
<<< ??? [length 0005]
    14 03 03 00 01
<<< ??? [length 0005]
    17 03 03 00 17
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0006], EncryptedExtensions
    08 00 00 02 00 00
Can't use SSL_get_servername
<<< ??? [length 0005]
    17 03 03 04 15
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0404], Certificate
    0b 00 04 00 00 00 03 fc 00 03 f7 30 82 03 f3 30
    82 02 db a0 03 02 01 02 02 14 25 7d 87 4b 02 41
    43 0d 84 f0 79 50 88 39 cf e1 d8 15 9a e6 30 0d
    06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88
    31 0b 30 09 06 03 55 04 06 13 02 49 4e 31 0b 30
    09 06 03 55 04 08 0c 02 54 53 31 0c 30 0a 06 03
    55 04 07 0c 03 48 59 44 31 12 30 10 06 03 55 04
    0a 0c 09 50 61 72 69 6d 69 74 68 61 31 0c 30 0a
    06 03 55 04 0b 0c 03 45 6e 67 31 16 30 14 06 03
    55 04 03 0c 0d 70 61 72 69 6d 69 74 68 61 2e 63
    6f 6d 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09
    01 16 15 63 6f 6e 74 61 63 74 40 70 61 72 69 6d
    69 74 68 61 2e 63 6f 6d 30 1e 17 0d 32 31 30 34
    32 32 31 32 31 36 32 37 5a 17 0d 33 31 30 34 32
    30 31 32 31 36 32 37 5a 30 81 88 31 0b 30 09 06
    03 55 04 06 13 02 49 4e 31 0b 30 09 06 03 55 04
    08 0c 02 54 53 31 0c 30 0a 06 03 55 04 07 0c 03
    48 59 44 31 12 30 10 06 03 55 04 0a 0c 09 50 61
    72 69 6d 69 74 68 61 31 0c 30 0a 06 03 55 04 0b
    0c 03 45 6e 67 31 16 30 14 06 03 55 04 03 0c 0d
    70 61 72 69 6d 69 74 68 61 2e 63 6f 6d 31 24 30
    22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 63 6f
    6e 74 61 63 74 40 70 61 72 69 6d 69 74 68 61 2e
    63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 f7
    0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02
    82 01 01 00 d2 e2 96 c9 c3 ea 6f ed 70 d9 6e 8d
    9a 95 f8 8b c9 41 79 a8 a1 18 01 e6 5f 79 58 aa
    3c 8f 53 5d 4d 68 ac 08 a9 60 b2 c1 ca 9e a4 d8
    2f 93 0a 8a 59 6c 94 46 60 2b 70 c4 6d 7c 0c e3
    26 26 4b 95 36 79 8e 14 24 ee b5 f3 b1 ec 84 1f
    57 75 30 ba c6 6d 37 54 ee 4d 00 7d d5 f4 99 e0
    59 4b c4 9d d4 58 c8 f7 c3 91 87 43 94 aa fb 89
    7c d1 bc 02 9a f4 5a b1 bb 19 da 52 0a e7 ef 00
    fd 8c da f7 f5 d3 6e b2 b5 0f 08 8f ad 4a b0 56
    3f 8b 1e cc 77 18 7d 21 cd 2a 4a 3f 02 1c c5 07
    91 d8 4c 14 7d c2 26 65 9d c0 52 08 24 eb e9 92
    f8 30 d1 8d dc 90 01 7b 7a f0 c7 41 97 b6 62 3b
    1a e3 d8 88 b3 6d 06 a2 85 74 1a ba f8 9a 6a 8a
    d3 21 35 2f 30 ba 4b fa 72 da 6b 43 27 37 c9 25
    0d bd 00 a4 d7 de 2a df e0 d0 39 db 45 0d 0b 1a
    d6 27 ed e8 9c b6 b6 0e 79 9e ed e7 48 40 c9 4e
    03 65 de bb 02 03 01 00 01 a3 53 30 51 30 1d 06
    03 55 1d 0e 04 16 04 14 b7 79 1e e6 6e 48 77 90
    12 8d d2 ea 6e 89 75 84 31 82 f8 08 30 1f 06 03
    55 1d 23 04 18 30 16 80 14 b7 79 1e e6 6e 48 77
    90 12 8d d2 ea 6e 89 75 84 31 82 f8 08 30 0f 06
    03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 0d
    06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01
    01 00 cb 6a 0e 3a 7f a8 0b 64 ac bc 6e 0e a8 7d
    9c c4 9e d9 38 af b9 50 c8 4f 20 39 07 d6 e0 fd
    55 24 28 df 63 aa c9 be 63 15 1c 53 06 32 48 36
    73 51 f8 72 a6 fe 3c 0e c8 15 73 73 43 1d 43 32
    26 c5 35 0d d4 fb 5b 8d d2 f5 02 fb 0c 25 af ca
    cb dd 4e bb 79 89 9d 3c 2a e4 1c 37 31 72 7d a3
    66 38 31 93 fc bc 2a b2 8e 13 3c 49 25 46 02 03
    c1 1f ef ce e9 6b 1f 47 43 1b 03 59 fe 0e 3a 8f
    ff fb 70 05 1f 5e fd 3f 59 da 4a aa 4d ff 35 df
    7c 70 44 92 4e 73 06 13 45 40 21 cc b8 b2 02 66
    c9 b1 af c7 27 9d f9 33 20 4a 37 cc aa 9a fb fc
    2b 71 64 2c b3 9e d3 bc 90 f2 da 75 1f 48 e4 88
    19 f0 85 9c e7 37 d3 a0 1e 70 1d cd e1 ad 79 24
    59 39 28 ea fe ae bd b6 a2 d5 24 9d f9 30 fd 73
    7a 24 44 86 17 22 5d 16 bc d9 b4 85 37 c0 e4 0e
    7d 92 9d b9 f8 69 2a 9a f5 7f 4a 3e 36 55 91 45
    02 ae 00 00
depth=0 C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com
verify return:1
<<< ??? [length 0005]
    17 03 03 01 19
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0108], CertificateVerify
    0f 00 01 04 08 09 01 00 be c1 17 af 27 37 a5 c3
    6a 38 69 40 d1 de 23 95 a9 d3 bf 77 d7 4b 83 b7
    d0 f4 f6 1e b3 24 2d a5 ae 6d c7 e3 3f 30 55 cb
    e2 08 1e 13 3c ef 0f db 9b 0b 4a 5d 1a 3a 8a 05
    8a 13 34 74 d8 a7 53 6d bb 75 e5 2f 73 6c 80 c0
    28 74 c8 0d ed ff fd b5 ad 40 09 97 fd 45 3b f2
    79 d1 b9 03 e4 dd f4 cb bc a9 49 cf 9e 4c 4b 2d
    1a 74 29 e4 09 ec b8 1c 9c bf a3 04 63 60 01 94
    e2 50 6b 85 e2 33 f8 38 d2 9c f6 c0 f1 12 18 88
    65 36 71 b9 d7 37 f6 e5 da 41 c5 15 36 12 62 0c
    d3 d5 f1 c0 39 f4 05 2f 30 57 2e bd 34 33 3a 71
    3e 67 2d 88 b9 a8 d2 21 96 02 a9 34 85 7a b5 f1
    61 ff 10 6c 70 ad 0b 39 39 f3 57 56 86 5e fb a7
    d1 ee f8 3d fc 7e ac 48 25 1d a2 da 44 d3 c3 9f
    c3 9e f8 40 2e fd d0 4a 02 b5 dd fd 82 cb 41 38
    93 e0 84 42 df dd 52 d3 7b 56 26 e4 dd 93 57 fa
    ed 94 fa ae 41 b1 0f ad
>>> ??? [length 0005]
    15 03 03 00 02
>>> TLS 1.3, Alert [length 0002], fatal illegal_parameter
    02 2f
4708638208:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1065:
---
Certificate chain
 0 s:C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com
   i:C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID8zCCAtugAwIBAgIUJX2HSwJBQw2E8HlQiDnP4dgVmuYwDQYJKoZIhvcNAQEL
BQAwgYgxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJUUzEMMAoGA1UEBwwDSFlEMRIw
EAYDVQQKDAlQYXJpbWl0aGExDDAKBgNVBAsMA0VuZzEWMBQGA1UEAwwNcGFyaW1p
dGhhLmNvbTEkMCIGCSqGSIb3DQEJARYVY29udGFjdEBwYXJpbWl0aGEuY29tMB4X
DTIxMDQyMjEyMTYyN1oXDTMxMDQyMDEyMTYyN1owgYgxCzAJBgNVBAYTAklOMQsw
CQYDVQQIDAJUUzEMMAoGA1UEBwwDSFlEMRIwEAYDVQQKDAlQYXJpbWl0aGExDDAK
BgNVBAsMA0VuZzEWMBQGA1UEAwwNcGFyaW1pdGhhLmNvbTEkMCIGCSqGSIb3DQEJ
ARYVY29udGFjdEBwYXJpbWl0aGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0uKWycPqb+1w2W6NmpX4i8lBeaihGAHmX3lYqjyPU11NaKwIqWCy
wcqepNgvkwqKWWyURmArcMRtfAzjJiZLlTZ5jhQk7rXzseyEH1d1MLrGbTdU7k0A
fdX0meBZS8Sd1FjI98ORh0OUqvuJfNG8Apr0WrG7GdpSCufvAP2M2vf1026ytQ8I
j61KsFY/ix7Mdxh9Ic0qSj8CHMUHkdhMFH3CJmWdwFIIJOvpkvgw0Y3ckAF7evDH
QZe2Yjsa49iIs20GooV0Grr4mmqK0yE1LzC6S/py2mtDJzfJJQ29AKTX3irf4NA5
20UNCxrWJ+3onLa2Dnme7edIQMlOA2XeuwIDAQABo1MwUTAdBgNVHQ4EFgQUt3ke
5m5Id5ASjdLqbol1hDGC+AgwHwYDVR0jBBgwFoAUt3ke5m5Id5ASjdLqbol1hDGC
+AgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAy2oOOn+oC2Ss
vG4OqH2cxJ7ZOK+5UMhPIDkH1uD9VSQo32Oqyb5jFRxTBjJINnNR+HKm/jwOyBVz
c0MdQzImxTUN1PtbjdL1AvsMJa/Ky91Ou3mJnTwq5Bw3MXJ9o2Y4MZP8vCqyjhM8
SSVGAgPBH+/O6WsfR0MbA1n+DjqP//twBR9e/T9Z2kqqTf8133xwRJJOcwYTRUAh
zLiyAmbJsa/HJ535MyBKN8yqmvv8K3FkLLOe07yQ8tp1H0jkiBnwhZznN9OgHnAd
zeGteSRZOSjq/q69tqLVJJ35MP1zeiREhhciXRa82bSFN8DkDn2Snbn4aSqa9X9K
PjZVkUUCrg==
-----END CERTIFICATE-----
subject=C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com

issuer=C = IN, ST = TS, L = HYD, O = Parimitha, OU = Eng, CN = parimitha.com, emailAddress = contact@parimitha.com

---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1497 bytes and written 222 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
mmaehren commented 3 years ago

Which openssl version is this?

ghost commented 3 years ago 
OpenSSL 1.1.1k  25 Mar 2021
built on: Thu Mar 25 21:01:05 2021 UTC
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
OPENSSLDIR: "/usr/local/etc/openssl@1.1"
ENGINESDIR: "/usr/local/Cellar/openssl@1.1/1.1.1k/lib/engines-1.1"
Seeding source: os-specific
mmaehren commented 3 years ago

I'm not sure what's causing the alert. Openssl's error 4708638208:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1065: seems to reference these lines of code https://github.com/openssl/openssl/blob/fd78df59b0f656aefe96e39533130454aa957c00/ssl/t1_lib.c#L1061-L1067

I talked to @ic0ns and he mentioned that there are different OIDs that define if a key is meant to be used for both RSA_PSS_RSAE and RSA_PSS_PSS. Does the same configuration work if you enforce an RSA_PSS_RSAE signature algorithm?

ghost commented 3 years ago

only when I am using RSA-PSS Certificate getting this error fatal illegal_parameter